From: Sven Velt Date: Tue, 9 Feb 2010 14:03:05 +0000 (+0100) Subject: conf2http can now use SSL! X-Git-Url: https://git.tokkee.org/?p=nagixsc.git;a=commitdiff_plain;h=3ce04dca4f92dc1486d31fdd4676a5cb4e05a810 conf2http can now use SSL! Have a look at the conf2http.cfg! It *needs* two more options, "ssl" and "sslcert". To be sure use a *FULL* pathname to key/cert file. Create a key and self-signed certificate with: % openssl req -x509 -nodes -days 365 -newkey rsa:1024 \ -keyout server.pem -out server.pem
---
diff --git a/init.d/nagixsc_conf2http b/init.d/nagixsc_conf2http
new file mode 100755
index 0000000..0a05158
--- /dev/null
+++ b/init.d/nagixsc_conf2http
@@ -0,0 +1,104 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: nagixsc_conf2http
+# Required-Start: $local_fs $remote_fs
+# Required-Stop: $local_fs $remote_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: S 0 1 6
+# Short-Description: Nag(IX)SC HTTP Pull
+# Description: Nag(IX)SC HTTP Pull
+### END INIT INFO
+
+# Author: Sven Velt
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/usr/sbin:/usr/bin:/sbin:/bin
+DESC="Nag(IX)SC Conf2HTTP"
+NAME=nagixsc_conf2http
+DAEMONPATH=/etc/nagios/nagixsc
+DAEMON=$DAEMONPATH/$NAME.py
+DAEMON_ARGS="-c $DAEMONPATH/etc/conf2http.cfg"
+PIDFILE=/var/run/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+# [ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Load the VERBOSE setting and other rcS variables
+[ -f /etc/default/rcS ] && . /etc/default/rcS
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
+. /lib/lsb/init-functions
+
+is_running()
+{
+ [ -f "$PIDFILE" ] || return 1
+ ps ax | grep "`cat $PIDFILE`" | grep $NAME | grep -qv grep
+ return $?
+}
+
+do_start()
+{
+ is_running && return 1
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null || return 1
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --make-pidfile --background --exec $DAEMON -- $DAEMON_ARGS || return 2
+}
+
+do_stop()
+{
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE
+ RETVAL="$?"
+ [ "$RETVAL" = 2 ] && return 2
+ start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
+ [ "$?" = 2 ] && return 2
+ rm -f $PIDFILE
+ return "$RETVAL"
+}
+
+
+
+case "$1" in
+ start)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+ do_start
+ case "$?" 
in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ restart|force-reload)
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ *)
+ echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
diff --git a/nagixsc.py b/nagixsc.py
index be3613d..21d2b0c 100644
--- a/nagixsc.py
+++ b/nagixsc.py
@@ -1,8 +1,11 @@
+import BaseHTTPServer
 import ConfigParser
+import SocketServer
 import base64
 import datetime
 import libxml2
 import shlex
+import socket
 import subprocess
 import sys
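Review bot: do_start launches the daemon through start-stop-daemon without `--chuid`, so as far as this script shows the network-facing HTTP server runs as root; unless nagixsc_conf2http.py drops privileges itself (not visible in this diff), start it under a dedicated account, e.g. `start-stop-daemon --start --quiet --pidfile $PIDFILE --make-pidfile --background --chuid <service-user> --exec $DAEMON -- $DAEMON_ARGS`. The sample port 15666 does not need root to bind, and that account then only needs read access to the PEM file named by `sslcert`. Separately, is_running greps `ps ax` for the PID as a substring, so any line that happens to contain those digits and $NAME counts as "running" and do_start returns 1, which the `start)` branch reports as success; `kill -0 "$(cat "$PIDFILE")" 2>/dev/null` is a more reliable liveness test.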
@@ -297,3 +300,36 @@ def reset_future_timestamp(timestamp, now): else: return now +############################################################################## + +class MyHTTPServer(BaseHTTPServer.HTTPServer): + def __init__(self, server_address, HandlerClass, ssl=False, sslpemfile=None): + if ssl: + # FIXME: SSL is in Py2.6 + try: + from OpenSSL import SSL + except: + print 'No Python OpenSSL wrapper/bindings found!' + sys.exit(127) + + SocketServer.BaseServer.__init__(self, server_address, HandlerClass) + context = SSL.Context(SSL.SSLv23_METHOD) + context.use_privatekey_file (sslpemfile) + context.use_certificate_file(sslpemfile) + self.socket = SSL.Connection(context, socket.socket(self.address_family, self.socket_type)) + else: + SocketServer.BaseServer.__init__(self, server_address, HandlerClass) + self.socket = socket.socket(self.address_family, self.socket_type) + + self.server_bind() + self.server_activate() + + +class MyHTTPRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler): + def setup(self): + self.connection = self.request + self.rfile = socket._fileobject(self.request, "rb", self.rbufsize) + self.wfile = socket._fileobject(self.request, "wb", self.wbufsize) + +############################################################################## + diff --git a/nagixsc_conf2http.py b/nagixsc_conf2http.py index 640539f..d296bff 100755 --- a/nagixsc_conf2http.py +++ b/nagixsc_conf2http.py @@ -1,6 +1,5 @@ #!/usr/bin/python -import BaseHTTPServer import ConfigParser import base64 import optparse @@ -40,9 +39,10 @@ config = {} try: config['ip'] = cfgread.get('server', 'ip') config['port'] = cfgread.getint('server', 'port') + config['ssl'] = cfgread.getboolean('server', 'ssl') + config['cert'] = cfgread.get('server', 'sslcert') config['conf_dir'] = cfgread.get('server', 'conf_dir') - config['conf2xml_cmdline'] = cfgread.get('server', 'conf2xml_cmdline') except ConfigParser.NoOptionError, e: print 'Config file error: %s ' % e 
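Review bot: MyHTTPServer creates the context with `SSL.SSLv23_METHOD` and sets no options, which leaves SSLv2 and SSLv3 negotiable on the port that carries the Basic Auth credentials; directly after `context = SSL.Context(SSL.SSLv23_METHOD)` add `context.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)`. Calling `context.check_privatekey()` after the two `use_*_file` calls would catch a PEM whose key and certificate do not match at startup. The bare `except:` around the import should be `except ImportError:` so unrelated errors are not reported as a missing binding, and `ssl=True` with `sslpemfile=None` should be rejected explicitly before it reaches `use_privatekey_file`.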
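Review bot: `cfgread.getboolean('server', 'ssl')` raises ValueError when the value is not a recognised boolean, and the handler at the end of this hunk only catches `ConfigParser.NoOptionError`, so a typo in `ssl` ends in a traceback rather than the 'Config file error' message. Widening the clause to `except (ConfigParser.NoOptionError, ValueError), e:` covers both cases. The body of the except handler continues outside the hunk.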
@@ -54,7 +54,7 @@ for u in cfgread.options('users'): ############################################################################## -class Conf2HTTPHandler(BaseHTTPServer.BaseHTTPRequestHandler): +class Conf2HTTPHandler(MyHTTPRequestHandler): def http_error(self, code, output): self.send_response(code) @@ -65,8 +65,6 @@ class Conf2HTTPHandler(BaseHTTPServer.BaseHTTPRequestHandler): def do_GET(self): - cmdline = config['conf2xml_cmdline'] - path = self.path.split('/') # Check Basic Auth @@ -126,8 +124,12 @@ class Conf2HTTPHandler(BaseHTTPServer.BaseHTTPRequestHandler): def main(): + if config['ssl'] and not os.path.isfile(config['cert']): + print 'SSL certificate "%s" not found!' % config['cert'] + sys.exit(127) + + server = MyHTTPServer((config['ip'], config['port']), Conf2HTTPHandler, ssl=config['ssl'], sslpemfile=config['cert']) try: - server = BaseHTTPServer.HTTPServer((config['ip'], config['port']), Conf2HTTPHandler) server.serve_forever() except: server.socket.close() diff --git a/sample-configs/conf2http.cfg b/sample-configs/conf2http.cfg index 41458cd..9dbb3ac 100644 --- a/sample-configs/conf2http.cfg +++ b/sample-configs/conf2http.cfg @@ -1,8 +1,9 @@ [server] ip: 0.0.0.0 port: 15666 +ssl: true +sslcert: server.pem -conf2xml_cmdline: ./nagixsc_conf2xml.py conf_dir: ./sample-configs/conf [users]
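Review bot: When `config['ssl']` is false, main() starts the server in plain HTTP without any notice although do_GET checks Basic Auth, so user names and passwords then cross the network unencrypted; print a warning at startup, e.g. `if not config['ssl']: print 'WARNING: SSL disabled, Basic Auth credentials are sent unencrypted'`. The added certificate check only tests `os.path.isfile`; because the PEM also holds the private key, it is worth refusing or warning about a file that is accessible to group or others (`os.stat(config['cert']).st_mode & 0077`). An `import os` is required for the new check and is not shown in the visible hunks of this file. main() continues outside the hunk.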
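Review bot: The sample sets `sslcert: server.pem`, a relative path, while start-stop-daemon in the init script added by this commit changes the working directory to `/` unless `--chdir` is given, so the daemon would presumably not find the file; use an absolute placeholder such as `sslcert: /path/to/server.pem` and add a comment that the file contains the private key and should be readable only by the daemon's account. The `openssl req` example in the commit message generates a 1024-bit RSA key, which is below current minimum recommendations; `rsa:2048` or larger is the usual choice for the file this option points to. The unchanged `ip: 0.0.0.0` binds every interface, which also deserves a comment in the sample.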